5 matches found
CVE-2018-14952
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "maction xlink:href=" attack...
CVE-2007-2631
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648...
CVE-2006-3665
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this...
CVE-2005-0152
PHP remote file inclusion vulnerability in SquirrelMail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."...
Fedora Core 2 : squirrelmail-1.4.3-1 (2004-160)
A SQL injection flaw was found in SquirrelMail version 1.4.2 and earlier. If SquirrelMail is configured to store user addressbooks in the database, a remote attacker could use this flaw to execute arbitrary SQL statements. The Common Vulnerabilities and Exposures project has assigned the name...